|
Graham Dumpleton
grahamd at dscpl.com.au
Thu Jan 27 16:36:56 EST 2005
Jorey Bump wrote .. > 3. Best, import handle from external module, preferably in path outside > of DocumentRoot: > > # connect.py > # put this module in a directory in PYTHONPATH > import MySQLdb > # Set up db connection and return handle. > _dbhost = "localhost" > _dbuser = "bob" > _dbpwd = "secret" > _dbname = "foo" > dbh = MySQLdb.connect(_dbhost, _dbuser, _dbpwd, _dbname) This approach of having it in a separate module (outside of your document tree), is also preferred for other reasons as well. Namely, it is never a good idea to have login names and passwords, or any sensitive information for that matter within a Python code file which exists within the document tree. All it takes is for a coding stuff up on your own part, a misconfiguration of Apache or for some other problem to arise and your Python code files could get exposed to the outside world, thus revealing said logins, passwords or other sensitive information. That in publisher globals not prefixed with an underscore are exposed, makes it even more prone to these risks than other mechanisms. Graham
|